I use secure shell a LOT, every day. So much so that I often take for granted how important this tool is. Not only does it allow me to log into remote machines to handle management of said machine, it can do other things as well - X tunneling being one of the most useful features. But for many users ssh only serves as a means to log in, do a few command-line tasks, and log out. It doesn't (and shouldn't) have to be that way.
With Secure Shell there are a number of ways to use (and configure) this tool to make it more useful and more secure. In this article you will learn five different (and handy) secure shell tips to make sure your ssh usage is as good as it can be. And for some basic secure shell knowledge, check out my article "Get to know Linux: Secure shell".
Have have dealt with this before (as a side note), but wanted to re-iterate this process. Because I use ssh so much I get tired of having to enter passwords constantly. Now I will preface this by saying only do this on a network you trust. Yes you will be logging into ssh with a certificate, and that certificate will be on your machine, but you don't want to employ this method on a network that can not be trusted. With that in mind, here are the steps for setting this up.
On the local machine issue the command:
ssh-keygen -t dsa
This command will generate a public key that will be then copied to your server. During this creation process you will be asked for a password - just press enter to use a blank password for this. You will have to verify the password, so hit enter again. )
With the key created you have to copy it to the server you want to ssh into. To do this enter the command:
ssh-copy-id -i .ssh/id_dsa.pub [email protected]
Where username is the username you will be logging into on the remote server and destination is the IP address of the remote server.
Now when you go to secure shell into that remote machine you will not have to enter a password.
Block root login
Although secure shell is a secure means of logging into your server, you do not want to allow root access (for obvious reasons). Blocking root access is simple. Open up the /etc/ssh/sshd_config file and look for this line:
and make sure it is set to "no" (no quotes). So the complete line will read:
Once you have saved that file, restart the ssh daemon with the command:
sudo /etc/init.d/ssh restart
Now the root user can no longer log in remotely via ssh.
Enable X tunneling
Secure shell is made even more powerful when you can run a remote X application on your local machine. And what is better is that it's not difficult at all. In order to allow X tunneling you will first need to open up the /etc/ssh/sshd_config file and search for this line:
and make sure it looks like:
Once that is set save the file, restart sshd, and you are ready to tunnel and X Windows application through ssh. To accomplish this you have to add the -X flag to your secure shell command like this:
ssh -v -l USERNAME IP_ADDRESS -X
Where USERNAME is the username you want to log in with and IP_ADDRESS is the actual IP address of the machine you are logging into.
There are so many cool tricks and tips with secure shell, but the above three are, in my opinion, the most helpful. Have you come across a helpful ssh tip you'd like to share? Or are you looking for a particular behavior out of secure shell? If so. share with your fellow Ghacks readers.
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.